CWE-1321

All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions.

Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.

All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function.

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a ‘__proto__’ payload.